Shibboleth Service Provider (SP) - Installation Guide
For the Shibboleth SP version 2.6, INFED recommends relying on an enterprise-grade
Linux distribution with long term support: specifically, either Ubuntu Server LTS or
Red Hat Enterprise Linux / CentOS.
1. System requirements
For the Shibboleth IdP 3, we recommend a system with at least 2 GB of memory (4 GB
needed if you would like to avail the facility of interfederation services). The below basic tools also mandatory:
It will help us to download software and configuration files.
Package: openssl, the command-line tool will be used to deal with server certificates.
tar and unzip
Used to untar/unzip the archives (and also useful for listing contents of
2. Software Requirement
The Shibboleth IdP is developed under Java environment and therefore requires a Servlet container.
Our recommended setup consists of the following components:
Apache HTTP Server 2.4 or higher
Apache Tomcat 8 for the Java Servlet container
3. shibboleth Repository
The Shibboleth project operates its own repository that provides the official Shibboleth Service Provider binaries and its dependencies for RPM-based Linux distributions. This repository contains always up-to-date version of the Shibboleth Service Provider. Therefore, it is recommended to prefer this repository and its packages over packages that may be provided by the OS distribution.
If asked to confirm whether you really want to install Shibboleth and all dependencies, answer with 'Y' for yes.
After installation of the package, you need to start the shibd daemon:
sudo service shibd start
Shibboleth does not support the SP in conjunction with SELinux. To disable SELinux, configure SELINUX=disabled in /etc/selinux/config and reboot the system.
If there was an older version of a Service Provider already installed on the system, you might be asked whether to keep the existing configuration files or overwrite them with the package default files. The old configuration files should be kept. You can continue to use the old files in most cases. Generally, it is however recommended to perform a clean configuration as is described in the configuration guide mentioned below.
5. Quick Test
The Service Provider should now be installed on the system contauns following directories:
overall configuration is loadable, check console for non-fatal problems
If there are any ERROR log entries, it is strongly recommended to have a look at the problem.
Messages with log level WARN are generally not problematic but it is recommended to examine the causes of these warning messages.
5.2. Apache Configuration Check
Also test the Apache configuration with the command:
sudo apache2ctl configtest
sudo apachectl configtest
The output of this command should be:
5.3. mod_shib Test
(Re-) Start the web server and then access the URL: https:///Shibboleth.sso/Session.
The web server (or Shibboleth module respectively) should return a page that says:
A valid session was not found.
This message shows that the Shibboleth module is loaded by the webserver and is communicating with the shibd process.